Since I have already ran the trusted/target recons without Access Policies, I'm looking for guidance to know if building an Access Policy with retrofit, populates the existing OIM user's resource tab with the appropriate IT Resource (e.g., AD User or Oracle DB User).

Has anyone tried this successfully?

If not, what other ways are used to achieve this update (apparently BIP reports only look at the contents of user's resource entries to build reports).

Hi, the idea is to automatically populate every OIM user's RESOURCE tab with where they originated from (say DBAT Target Recon) and if they matched an AD User Target Recon.

In my example, if an OIM user identity got created running the DBAT recon, an entry pops into that user's Resource tab indicating they were provisioned from the DBAT resource (e.g., Oracle DB User).

When I run the AD Target Recon, if an OIM identity already exists and the user is also in AD, an entry pops into that user's Resource tab indicating they were provisioned from the AD Resource (e.g., AD User).

The reason for this is because the BIP reporting jobs look to the UD_DB_ORA_U and UD_ADUSER tables.

This feature is automatic. As long as the target recon is run to pump users through the respective process form. After getting the target recons to work, the entries show up under the users' resource tabs.